Cisco Patches Zero-Day Exploit in Secure Email Gateway Appliances

Recently, Cisco has addressed a critical vulnerability in its Cisco AsyncOS software that was being exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances since November 2025.

The vulnerability, identified as CVE-2025-20393, specifically impacts Cisco SEG and Cisco SEWM appliances with non-standard configurations when the Spam Quarantine feature is enabled and exposed on the Internet.

Cisco stated that the flaw in these appliances could allow threat actors to execute arbitrary commands with root privileges on the underlying operating system, emphasizing the severity of the issue.

Instructions for upgrading vulnerable appliances to a secure software version can be found in Cisco’s security advisory, ensuring that organizations take necessary steps to protect their systems.

According to Cisco Talos, a Chinese hacking group known as UAT-9686 is believed to be responsible for exploiting the vulnerability to gain root access and carry out malicious activities.

During the investigation, Cisco Talos observed the threat actors deploying various malware tools, including AquaShell persistent backdoors, AquaTunnel, Chisel reverse-SSH tunnel malware implants, and AquaPurge log-clearing tool to cover their tracks.

These tools have also been associated with other Chinese state-backed threat groups like APT41 and UNC5174, indicating a sophisticated and organized cyber espionage campaign.

CISA has categorized CVE-2025-20393 as a known exploited vulnerability and directed federal agencies to follow Cisco’s guidance to secure their systems promptly, in line with Binding Operational Directive (BOD) 22-01.

Emphasizing the importance of addressing such vulnerabilities, CISA urged organizations to assess their exposure, monitor for signs of compromise, and implement mitigations as advised by the vendor to safeguard their systems from potential cyber threats.

The article also highlights a comprehensive guide from Wiz that helps organizations enhance their security practices, whether it’s managing secrets or securing AI-generated code. The guide aims to streamline security processes and minimize risks effectively.

Discover how to build a secure foundation for your projects with Wiz’s insightful guide on secrets management and cybersecurity best practices.

Download the cheat sheet now and fortify your defenses against potential security threats.

Download Now